From 767d42de643008c87bcb8291de328e8c1857d6c5 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Thu, 9 Jan 2025 03:07:57 +0000
Subject: [PATCH] Introduced protections against system command injection
---
 pom.xml | 16 ++++++++++++++--
 .../owner/OwnerRepositoryCustomImpl.java | 3 ++-
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 67f898fd269..48dfc7858fc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@ 3.0.6.RELEASE 2.7 - + 1.2.1
@@ -149,6 +149,10 @@ 3.12.0 + + io.github.pixee + java-security-toolkit +
@@ -304,5 +308,13 @@ http://www.apache.org/licenses/LICENSE-2.0 - + + + io.github.pixee + java-security-toolkit + ${versions.java-security-toolkit} + +
diff --git a/src/main/java/org/springframework/samples/petclinic/owner/OwnerRepositoryCustomImpl.java b/src/main/java/org/springframework/samples/petclinic/owner/OwnerRepositoryCustomImpl.java
index 7db19ac7d04..ffba4ab2447 100644
--- a/src/main/java/org/springframework/samples/petclinic/owner/OwnerRepositoryCustomImpl.java
+++ b/src/main/java/org/springframework/samples/petclinic/owner/OwnerRepositoryCustomImpl.java
@@ -1,5 +1,6 @@
 package org.springframework.samples.petclinic.owner;
+import io.github.pixee.security.SystemCommand;
 import java.util.Collection;
 import javax.persistence.EntityManager;
@@ -22,7 +23,7 @@ public Collection findByLastName(String lastName) {
 String sqlQuery = "SELECT DISTINCT owner FROM Owner owner left join fetch owner.pets WHERE owner.lastName = '" + lastName + "'";
 try {
- Runtime.getRuntime().exec( "ls " + lastName );
+ SystemCommand.runCommand(Runtime.getRuntime(), "ls " + lastName);
 } catch( Exception e ) {}
 TypedQuery query = this.entityManager.createQuery(sqlQuery, Owner.class);
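Review bot: A new runtime dependency arriving through an automated PR deserves a provenance check before merge: the pom.xml hunks add `io.github.pixee:java-security-toolkit` pinned through a `1.2.1` property (the XML tags did not survive extraction, so I am reading the structure from the values). Confirm the coordinates and version against the publisher's release and that the build resolves it from a repository you trust, since this artifact will now run inside every request that hits the patched repository method. If the project verifies dependency checksums or signatures, the new artifact should be added to that list in the same change.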
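Review bot: The wrapped call still passes user-controlled `lastName` into a command string, and the `ls` invocation has no functional purpose in a repository lookup, so the stronger fix is to delete the whole `try { ... } catch( Exception e ) {}` block rather than keep it behind `SystemCommand.runCommand` (which, as far as I know, rejects certain command shapes by default but cannot make an unnecessary exec safe). The context line just above builds the JPQL by concatenating `lastName` as well, which this commit leaves in place; replace the literal with a bound parameter, `"... WHERE owner.lastName = :lastName"` followed by `query.setParameter("lastName", lastName);` after the `createQuery` call. The empty catch also hides every failure, so if any call must stay there, log the exception instead of discarding it. `findByLastName` continues past the end of the hunk.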